logo

Privacy Policy

Effective date: August 24, 2025

This Privacy Policy explains how Caelis Tech Studio SARL (“Caelis”, “we”, “our”, or “us”) collects, uses, discloses, and protects information in connection with Weespin, our deep links and analytics platform (the “Services”). It also describes your rights and choices under applicable laws including the EU/UK GDPR and the California Consumer Privacy Act (CCPA/CPRA).

If you do not agree with this Policy, please do not use the Services.

Scope and Roles

  • This Policy applies to:
    • Visitors to our websites and communications.
    • Account holders and users of Weespin.
    • End users who interact with deep links, QR codes, or campaigns created via Weespin.
  • Role of Caelis Tech Studio SARL:
    • Controller: For data we collect about you as a visitor, prospect, or account user.
    • Processor/Service Provider: For data we process on behalf of our business customers about their end users and campaigns, in accordance with our agreement and applicable data protection laws.

Information We Collect

We collect information directly from you, automatically from your devices and use of the Services, and from third parties.

  1. Information you provide
  • Account and profile data: name, company, role, email, password (hashed), phone number, preferences.
  • Customer content and configuration: link settings, campaign metadata, tags, routing rules, team/workspace info.
  • Communications: support requests, feedback, survey responses.
  • Billing: subscription plan, tax info, billing address. Payment card details are processed by our payment provider (Paddle) and not stored by us.
  1. Information collected automatically
  • Usage and device data: IP address, device type, OS and version, browser and version, language, user agent, screen resolution, time zone, timestamps, session IDs.
  • Event/analytics data: link/QR impressions and clicks, referrers, landing/redirect URLs, UTM and campaign parameters, HTTP headers, error logs.
  • Location: approximate location inferred from IP address (city/region/country level).
  • Identifiers: Weespin-assigned identifiers, cookie IDs, and similar identifiers. Where applicable and lawfully provided, mobile advertising identifiers (e.g., IDFA/GAID). We do not create or collect precise location without your consent.
  1. Information from third parties
  • Authentication, workspace, or identity providers if you choose to connect them (e.g., name, email).
  • Payment status from Paddle (e.g., transaction success/failure, last 4 digits and card brand if returned, no full PAN).
  • Service providers and partners for fraud prevention, analytics, and infrastructure.

Cookies, SDKs, and Similar Technologies

We use cookies, pixels, SDKs, and local storage to:

  • Authenticate users and maintain sessions
  • Remember preferences
  • Measure performance and analyze usage
  • Improve routing and link reliability
  • Prevent fraud and abuse

How We Use Information

We use information to:

  • Provide, operate, and secure the Services (including routing, deep linking, and analytics)
  • Set up and manage accounts, authenticate, and provide support
  • Measure performance and usage; generate reports and insights
  • Improve and develop features, quality, reliability, and user experience
  • Detect, prevent, and respond to security incidents, fraud, and abuse
  • Process payments, billing, and account status (via Paddle)
  • Comply with legal obligations and enforce our terms
  • Communicate about updates, security, and service-related matters; with your consent or as permitted, send marketing communications (you can opt out at any time)

We process personal data under the following legal bases:

  • Performance of a contract: to provide and support the Services you request.
  • Legitimate interests: to secure, improve, and analyze the Services; to prevent fraud; to communicate service updates. We balance these interests against your rights.
  • Consent: for certain cookies/SDKs, marketing, and where required for advertising identifiers.
  • Legal obligation: to comply with applicable laws and requests from authorities.

When acting as a processor for our customers, we process data on their documented instructions and legal basis.

When We Share Information

We do not sell personal information. We share information only as described below:

  • Service providers/subprocessors:
    • Firebase (Google) authentication
    • Amazon Web Services (AWS) infrastructure and storage
    • Paddle payment processing and subscription management
    • Other vetted providers for logging, security, customer support, and communications (list available on request)
  • Customers and their authorized users: For workspace/team features and campaign analytics configured by the customer.
  • Legal and safety: To comply with laws, lawful requests, and to protect rights, safety, and the integrity of the Services.
  • Business transfers: In connection with a merger, acquisition, financing, or sale of assets; we will provide notice where required.

We require recipients to protect personal data consistent with this Policy and applicable law.

International Data Transfers

We may process and store information in countries other than where it was collected. Where required, we implement appropriate safeguards, such as Standard Contractual Clauses, and conduct transfer risk assessments. For details, contact us by email.

Data Retention

We retain personal information for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements. Customers may control retention of certain analytics and event data within their account settings where available. We will delete or de-identify data when it is no longer needed for these purposes, unless a longer retention period is required by law.

Security

We employ technical and organizational measures designed to protect information, including:

  • Encryption in transit
  • Access controls and least-privilege principles
  • Network and infrastructure security on AWS
  • Audit logging and monitoring
  • Employee confidentiality and security training

No method of transmission or storage is 100% secure. If we learn of a security incident affecting your information, we will notify you as required by law and our agreements.

Your Rights and Choices

Depending on your location, you may have rights regarding your personal information.

  • Access, correction, and deletion
  • Portability
  • Restrict or object to processing
  • Withdraw consent (where consent is the legal basis)
  • Lodge a complaint with a supervisory authority

To exercise rights, contact us at [email protected]. If your data was provided by a Weespin customer (e.g., you clicked a customer’s link), please contact that customer directly; we will support them as processor.

You can opt out of marketing emails by using the unsubscribe link in any email or contacting us by email.

California Privacy Notice (CCPA/CPRA)

  • Categories collected: identifiers (e.g., name, email, IP, device IDs), internet/network activity (usage, logs, analytics, clickstream), geolocation (approximate), commercial information (subscription and transaction details), and inferences derived for analytics and service improvement. We do not intentionally collect sensitive personal information, except limited payment/transaction metadata processed by Paddle.
  • Sources: you, your devices, our customers, and service providers.
  • Purposes: to provide and secure the Services; analytics; fraud prevention; billing; compliance; improvements; communications.
  • Disclosure for business purposes: to service providers and processors listed above.
  • “Sale” or “Sharing”: We do not sell personal information. We do not “share” personal information for cross-context behavioral advertising without appropriate notice and choice. You may exercise your right to opt out via our “Do Not Sell or Share My Personal Information” by sending a request to [email protected]. We honor Global Privacy Control (GPC) signals where required.
  • Retention: for as long as necessary for the purposes described above, subject to legal obligations.

Your CCPA rights:

  • Know/access: request details about categories and specific pieces of personal information collected and disclosed.
  • Delete: request deletion, subject to exceptions.
  • Correct: request correction of inaccurate information.
  • Opt-out: opt out of sale or sharing of personal information.
  • Limit use of sensitive information: if applicable.
  • Non-discrimination: we will not discriminate for exercising your rights.

How to exercise: submit a request at [email protected]. We will verify your request as required by law. Authorized agents may submit requests with proof of authorization.

Children’s Privacy

The Services are not directed to children, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK) without appropriate consent. If you believe a child provided personal information, contact us and we will take appropriate steps to remove it.

Customer End-User Data

For data we process on behalf of our customers about their end users:

  • We process only on documented instructions, under our agreement and Data Processing Addendum.
  • Customers control the purposes and means of processing and are responsible for providing appropriate notices and obtaining any required consents.
  • We assist customers in fulfilling end-user rights requests and in meeting security and breach notification obligations as required.

Third-Party Services

Our Services integrate with or rely on third parties:

  • Firebase (Google): analytics and event processing
  • AWS S3 (Amazon Web Services): storage and infrastructure
  • Paddle: payments and subscriptions

These providers process data as our processors/service providers, subject to their security and privacy practices. Their processing is limited to the purposes described in this Policy and our agreements with them. For more information, see their published privacy documentation.

Do Not Track

Your browser may offer a Do Not Track (DNT) setting. We do not respond to DNT signals. We do honor legally required opt-out signals such as Global Privacy Control (GPC) for sale/share where applicable.

Changes to This Policy

We may update this Policy from time to time. The “Effective date” will indicate the latest version. Material changes will be notified via the Services or by contacting you where appropriate. Your continued use of the Services after an update signifies acceptance of the updated Policy.

Contact Us

If you have questions or requests related to this Policy or your personal information, please contact:

If you are in the EEA/UK, you also have the right to lodge a complaint with your local data protection authority.

Ready to Elevate Your Marketing Strategy?

Experience a new era of link management. No credit card required, no long-term commitments. Upgrade as your campaigns evolve.